Since the virtual-template is a virtual interface, we IP unnumber it to a physical interface with "ip unnumbered fa0/0", so that it is always up.

"tunnel source" is not required for the EzVPN client.

EzVPN server using virtual-template with ZBF is a bit complicated. The VTI is considered a separate interface. You need to add a dummy zone, say "ezvpn", and associate it with the VTI. Add the following to the four zone-pairs given below:

class-default pass

in - ezvpn
ezvpn - in
out - ezvpn
ezvpn - out

With regards
Kings

On Thu, Apr 1, 2010 at 5:01 PM, Michael Davis <[email protected]> wrote:

> Hi Everyone – I have 2 questions:
>
> 1. When using Virtual templates with EZVPN what is the difference
> between using the "ip unnumbered fa0/0" command or the "tunnel source
> fa0/0" command? When I use either command the ezvpn completes, but I
> don't get any traffic flow using the "tunnel source" command
>
> 2. I don't understand ICMP with ZBF. I inspect it, but the
> class-default drops it as though it has not matched my inspect policy??
> When I configure the default class to pass then ICMP works. Has anyone else
> seen this? I don't get it….
>
> Apr 1 11:40:27.191: %FW-6-LOG_SUMMARY: 4 packets were dropped from
> 4.8.22.2:8 => 10.2.2.14:0 (target:class)-(IN->EZVPN:class-default
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
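Added example, not part of the original thread: one way the dummy-zone suggestion in the reply could be laid out as IOS zone-based firewall configuration. The zone names in, out and ezvpn come from the reply; the policy-map name, the zone-pair names and Virtual-Template1 are assumptions.

```ios
! Constructed example. Names PM-EZVPN-PASS, ZP-* and Virtual-Template1 are
! assumptions; zones "in" and "out" are assumed to exist already.
!
! Dummy zone for the VTI, as suggested in the reply.
zone security ezvpn
!
! Policy whose only action is "class-default pass".
! "pass" is stateless and one-way: no session is created, so return
! traffic is only allowed if the reverse zone-pair also passes it.
! That is why all four zone-pairs below are needed.
policy-map type inspect PM-EZVPN-PASS
 class class-default
  pass
!
zone-pair security ZP-IN-EZVPN source in destination ezvpn
 service-policy type inspect PM-EZVPN-PASS
!
zone-pair security ZP-EZVPN-IN source ezvpn destination in
 service-policy type inspect PM-EZVPN-PASS
!
zone-pair security ZP-OUT-EZVPN source out destination ezvpn
 service-policy type inspect PM-EZVPN-PASS
!
zone-pair security ZP-EZVPN-OUT source ezvpn destination out
 service-policy type inspect PM-EZVPN-PASS
!
! The VTI is a separate interface, so it needs its own zone membership.
! Existing tunnel and IPsec settings on the template stay unchanged.
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 zone-member security ezvpn
```

After applying, "show zone-pair security" lists the four pairs and the policy attached to each.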
